Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/tree-kit@0.7.0
purl pkg:npm/tree-kit@0.7.0
Next non-vulnerable version 0.7.5
Latest non-vulnerable version 0.7.5
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-h846-hzt6-cqcz
Aliases:
CVE-2023-38894
GHSA-5p42-m6f3-hpmj
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
0.7.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-x5xx-ttsg-4bb8 CVE-2021-4278
GHSA-mw4x-g2x8-qcvf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:25:05.466738+00:00 GHSA Importer Fixing VCID-x5xx-ttsg-4bb8 https://github.com/advisories/GHSA-mw4x-g2x8-qcvf 38.6.0
2026-06-12T19:03:25.535954+00:00 GitLab Importer Affected by VCID-h846-hzt6-cqcz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tree-kit/CVE-2023-38894.yml 38.6.0
2026-06-12T18:42:48.529528+00:00 GitLab Importer Fixing VCID-x5xx-ttsg-4bb8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tree-kit/CVE-2021-4278.yml 38.6.0
2026-06-12T08:14:55.202301+00:00 GithubOSV Importer Fixing VCID-x5xx-ttsg-4bb8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-mw4x-g2x8-qcvf/GHSA-mw4x-g2x8-qcvf.json 38.6.0